CVE-2008-5515
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2008-5515
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Tomcat 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Tomcat在使用RequestDispatcher方式过滤查询字符串之前会首先规范化模板路径名称,如果请求中包含有特制参数的话,就可能通过目录遍历攻击访问受限制的内容,或在WEB-INF目录中锁定内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2008-5515
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2008-5515
Please Login to view more intelligence information
- http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlx_refsource_CONFIRM
- http://tomcat.apache.org/security-4.htmlx_refsource_CONFIRM
- http://tomcat.apache.org/security-6.htmlx_refsource_CONFIRM
- http://tomcat.apache.org/security-5.htmlx_refsource_CONFIRM
- http://support.apple.com/kb/HT4077x_refsource_CONFIRM
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1vendor-advisoryx_refsource_SUNALERT
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.htmlvendor-advisoryx_refsource_SUSE
- https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.htmlvendor-advisoryx_refsource_FEDORA
- https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.htmlvendor-advisoryx_refsource_FEDORA
- https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.htmlvendor-advisoryx_refsource_FEDORA
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlvendor-advisoryx_refsource_APPLE
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445vdb-entrysignaturex_refsource_OVAL
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452vdb-entrysignaturex_refsource_OVAL
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422vdb-entrysignaturex_refsource_OVAL
- https://nvd.nist.gov/vuln/detail/CVE-2008-5515
Same Patch Batch · n/a · 2009-06-16 · 18 CVEs total
| CVE-2009-2083 | Drupal Taxonomy Manager Administrative Page跨站脚本攻击漏洞 | |
| CVE-2009-2081 | phpWebThings "help.php" 目录遍历漏洞 | |
| CVE-2009-2080 | MRCGIGUY The Ticket System "admin.php" 权限许可漏洞 | |
| CVE-2009-2079 | Drupal "Taxonomy Manager Administrative Page" 跨站脚本攻击漏洞 | |
| CVE-2009-2078 | Drupal Booktree多个跨站脚本攻击漏洞 | |
| CVE-2009-2077 | Angrydonuts Views模块安全绕过和访问控制漏洞 | |
| CVE-2009-2076 | Drupal 模块"Views" 跨站脚本攻击漏洞 | |
| CVE-2009-2075 | Angrydonuts Nodequeue安全绕过和访问控制漏洞 | |
| CVE-2009-2074 | Drupal 模块"Nodequeue" 跨站脚本攻击漏洞 | |
| CVE-2009-1389 | Linux kernel 缓冲区错误漏洞 | |
| CVE-2009-2082 | Creative Web Solutions Multiple level CMS "insidepage.php" SQL注入漏洞 | |
| CVE-2009-2011 | DX Studio Player shell.execute JavaScript API方法远程任意外壳指令注入漏洞 | |
| CVE-2009-1390 | Mutt 'mutt_ssl.c' X.509 Certificate Chain 安全绕过漏洞 | |
| CVE-2009-2084 | Llnl Simple Linux Utility for Resource Management本地特权升级漏洞 | |
| CVE-2009-1761 | CA ARCserve Backup消息引擎拒绝服务漏洞 | |
| CVE-2009-1719 | Sun Java运行时环境Aqua Look and Feel界面包权限提升漏洞 | |
| CVE-2009-1391 | Compress::Raw::Zlib Perl模块单字节溢出漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8226
Open5GS types.c ogs_pcc_rule_install_flow_from_media denial - CVE-2026-8225
Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_han - CVE-2026-8224
Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of serv - CVE-2026-8223
Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send - CVE-2026-8222
Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_managem
V. Comments for CVE-2008-5515
No comments yet